Senior Application Security Engineer

Saransh Inc


Job Location:

Trenton, NJ - USA

Monthly Salary: Not Disclosed
Posted on: 6 hours ago
Vacancies: 1 Vacancy

Job Summary

Role: Senior Application Security Engineer - Vulnerability Operations

Location: NJ/TX/NC - Hybrid

Role Summary:

The Senior Application Security Engineer serves as a technical and operational leader within the Vulnerability Operations function. This role drives large-scale adoption of application security controls, partnering closely with engineering teams and the Application Security Champion community to ensure secure design, development, and deployment across the enterprise. You will lead strategic control rollouts, guide vulnerability governance, address emerging threat classes, and provide expert escalation support for the most complex AppSec issues.

Key Responsibilities:

Strategic Leadership & Program Enablement

Lead the enterprise-wide operationalization of AppSec controls, ensuring scalable integration across CI/CD pipelines and diverse engineering environments.

Partner with the Application Security Champion team to embed secure development practices, coordinate training, share emerging vulnerability insights, and drive decentralized security ownership.

Own the tiered security control strategy (Tier 1-3), defining quarterly migration targets and ensuring cross-portfolio alignment.

Advanced Vulnerability & Threat Management

Act as subject-matter expert for advanced and emerging vulnerability classes (e.g., supply chain risks, AI/ML application threats, container/serverless misconfigurations, emerging OWASP categories).

Lead complex vulnerability triage and remediation efforts; facilitate cross-team deep-dive sessions to drive prioritization and timely mitigation.

Conduct proactive threat modeling and security design reviews for high-risk or business-critical applications.

Automation & CI/CD Security Architecture

Architect scalable CI/CD integrations for SAST, DAST, SCA, and secrets scanning using policy-as-code, automated gating, and risk-based controls.

Implement and optimize Tier 3 merge-prevention and build-failure gates, ensuring engineering teams meet strict compliance requirements.

Develop reusable automation frameworks, scanning templates, and pipeline modules to accelerate secure software delivery.

Governance, Reporting & Stakeholder Engagement

Design and maintain KPIs, scorecards, and compliance dashboards using analytics platforms (Power BI, Grafana, or equivalent).

Lead risk review forums, document mitigations, publish weekly risk register updates, and deliver executive-level insights on trends, gaps, and emerging threats.

Oversee quarterly migration planning, dependency tracking, and cross-team alignment on AppSec program objectives.

Mentor AppSec Specialists and upskill partner engineering teams on tools, governance workflows, and emerging security techniques.

Emerging Vulnerabilities & Continuous Improvement

Stay current with modern vulnerability trends (e.g., supply chain risks, API threats, cloud-native issues).

Evaluate tool outputs, identify false positives, and provide actionable remediation guidance.

Recommend improvements to scanning processes, workflows, and onboarding procedures.

Required Qualifications & Skills:

Bachelor's or Master's in Computer Science, Cybersecurity, or related field.

7 years of experience in Application Security engineering, vulnerability management, or secure development.

Expertise in advanced AppSec concepts: secure design patterns, threat modeling, exploit analysis, and remediation strategy for modern architectures (microservices, APIs, cloud-native).

Proven experience leading CI/CD-integrated security automation (SAST, DAST, SCA, secrets scanning, IaC scanning).

Strong track record of working with engineering organizations and AppSec Champions to drive program adoption.

Demonstrated ability to interpret complex vulnerability trends, emerging threats, and zero-day risk scenarios.

Excellent communication, executive presentation skills, and ability to influence senior technical leaders.

Preferred Qualifications:

Hands-on experience with cloud-native security tooling across AWS, Azure, or GCP.

Certifications: CISSP, CSSLP, OSWE, OSCP, GWAPT, or equivalent industry credentials.

Familiarity with policy and governance tools (OPA/Gatekeeper), software supply chain frameworks (SLSA, SBOM), and Infrastructure-as-Code security.

Experience designing or contributing to AppSec Champion programs or federated security enablement models.
